package com.rt.cloud.auth.config;

import com.rt.cloud.auth.config.login.UserAuthenticationProvider;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    //@Resource private MyUserDetailServiceImpl myUserDetailService;

    //权限拒绝处理逻辑
    //@Autowired
    //private MyAccessDeniedHandler accessDeniedHandler;



    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        /*auth.userDetailsService(myUserDetailService)
            .passwordEncoder(passwordEncoder())
            .and()
            .authenticationProvider(userAuthenticationProvider);*/
        auth.authenticationProvider(authenticationProvider());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //加入图片验证码过滤器
        //CaptchaFilter captchaFilter=new CaptchaFilter();
        /*captchaFilter.setFailureHandler(tigerAuthenticationFailureHandler);
        //图片验证码放在认证之前
        http.addFilterBefore(captchaFilter, UsernamePasswordAuthenticationFilter.class)
                .formLogin()
                .loginPage( "/authentication/require")//自定义登录请求
                .loginProcessingUrl("/authentication/form")//自定义登录表单请求
                .successHandler(tigerAuthenticationSuccessHandler)
                .failureHandler(tigerAuthenticationFailureHandler)
                .and()
                .authorizeRequests()
                .antMatchers(securityProperties.getBrowser().getLoginPage(),
                        "/authentication/require","/captcha/image")//此路径放行 否则会陷入死循环
                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .csrf().disable()//跨域关闭
        ;*/
        // http.addFilterBefore(captchaFilter, UsernamePasswordAuthenticationFilter.class);

        http
                .authorizeRequests()
                .antMatchers("/oauth/**").permitAll()
                /*.antMatchers("/").permitAll()
                .antMatchers("/swagger-ui.html").permitAll()
                .antMatchers("/swagger-resources/**").permitAll()
                .antMatchers("/swagger-ui.html**").permitAll()
                .antMatchers("/webjars/**").permitAll()
                .antMatchers("/favicon.ico").permitAll()
                .antMatchers("/csrf").permitAll()*/
                .anyRequest()
                .authenticated()
                .and().formLogin()
                .and().logout()
                //.and().exceptionHandling()
                //.accessDeniedHandler(accessDeniedHandler)//权限拒绝处理逻辑
        ;
        http.csrf().disable();
    }

    //开启密码模式需要注入 AuthenticationManager ， 所以要先在 SpringSecurityConfig 添加
    //AuthenticationManager 到容器中。
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * @Description Spring security认证Bean
     * @Date 2019/7/4 17:39
     * @Version  1.0
     */
    @Bean
    public AuthenticationProvider authenticationProvider(){
        AuthenticationProvider authenticationProvider = new UserAuthenticationProvider();
        return authenticationProvider;
    }

}
